NTP Vulnerability Fix

We are working with our CPE vendor, Pace, to patch a vulnerability in the 4111N CPE that leaves the device vulnerable to NTP amplification attacks.
A patch will be pushed to all Pace 4111Ns on our network as each device checks in with the ACS over the next 24 hours. Rebooting the device will allow the patch to be applied immediately. Connectivity should not be interrupted as a result of this update.
– Adam E. and the Support Team.

3 comments for “NTP Vulnerability Fix”

  1. […] Come February, noticed that my syslog instances were not keeping time. What the heck? Troubleshot, found NTP was not working. Nothing was coming back from numerous NTP outbound sync requests. Still hadn’t unpacked any of my trusty Intrusion, Inc aggregator taps, so figured that next week, or perhaps even the next, was as good a time as any. I run two routers: one of my own medley, and one Hawaiian Telcom-provided 2Wire/Pace for the TV. So I need a switch plugged into the WAN Ethernet cable from the ISP so that I can get a DHCP address for each router. Some ISPs like Time Warner will give you up to two IP addresses at the same time. Others more than two, others only one. I would never go with the latter. But I digress. That is where I plugged my tap into almost two weeks later, and with a little tcpdump, immediately saw the problem. NTP was not getting back in even outside the firewall. Suspecting this may be related to the recent rash of NTP reflection/amplification attacks, called Hawaiian Telcom customer support and after less than an hour, they confirmed that NTP was indeed blocked globally “for the cyber safety of their customers” until they can roll out a patch to all of their customer Pace routers vulnerable to the exploit. Found that another ISP, Sonic, is having the same problem as Hawaiian Telcom with their Pace routers… […]
